Thursday September 13, 2018

Researchers have discovered a new way to defeat security designed to stop cold boot attacks. Sleep mode and cold/hard reboots save critical information in the ram of the device. The Trusted Computing Group (TCG) devised a system of overwriting the contents of the ram when power is restored to the machine. The researchers have discovered a physical hack that rewrites firmware to disable memory overwriting, and change the settings to enable booting from an external device such as a USB stick. Even though the hack works on nearly all laptops, there are a few ways to protect yourself from the attack such as enabling BitLocker, hibernate and using firmware passwords.

"It's not exactly easy to do, but it's not a hard enough issue to find and exploit for us to ignore the probability that some attackers have already figured this out," says Olle. "It's not exactly the kind of thing that attackers looking for easy targets will use. But it is the kind of thing that attackers looking for bigger phish, like a bank or large enterprise, will know how to use." And Olle thinks there's no easy fix available to PC vendors, so it's something companies and end users will have to deal with on their own.